If I were to recommend you use a piece of cryptography-relevant software that I created, how would you actually know if it was any good? Art: Wayward Mutt Trust is, first and foremost, a social problem. If I told you a furry designed a core piece of Internet infrastructure, the reception to this would be…

Soatok is a blog or publication authored by Soatok Dhole, a security researcher and privacy advocate. Readers can explore articles covering topics such as cryptography, privacy-enhancing technologies, and digital rights. Additionally, they can learn about cybersecurity threats, encryption protocols, and strategies for protecting online privacy.

Dhole Moments

A comprehensive overview of software assurance methodologies applied to a Public Key Directory project for Fediverse E2EE. The author details their multi-layered testing approach including specification-first development, mutation testing (targeting 90%+ MSI), fuzz testing, static analysis with Psalm/PHPStan/Semgrep, property-based testing with Eris, and integration testing. Future plans include formal verification using ProVerif, requirements traceability with Duvet, and isochronic verification for constant-time guarantees. The piece emphasizes that trustworthiness comes from rigorous methodology rather than expensive audits, achieving high assurance through automated testing that cannot be gamed like traditional code coverage metrics.

Software Assurance & That Warm and Fuzzy Feeling

Cryptography Audits and Other Thought-Terminating Clichés